Don’t Mind the Gap
[Pages:64]Don't Mind the Gap: Bridging Network-wide Objectives and Device-level Configurations
Ryan Beckett (Princeton, MSR) Ratul Mahajan (MSR) Todd Millstein (UCLA) Jitu Padhye (MSR) David Walker (Princeton)
Configuring Networks is Error-Prone
~60% of network downtime is caused by human error
-Yankee group 2002
50-80% of outages from configuration changes
-Juniper 2008
2
Configuring Networks is Error-Prone
Sign In | Register
YouTube/Pakistan incident: Could something similar whack your site?
Configuring BGP properly is key to avoidance, 'Net registry official says
By Carolyn Duffy Marsan
Network World | Mar 10, 2008 1:00 AM PT
In light of Pakistan Telecom/YouTube incident, Internet registry official explains how you can avoid having your web site victimized by such an attack. When Pakistan Telecom blocked YouTube's traffic one Sunday evening in February, the ISP created an international incident that wreaked havoc on the popular video site for more than two hours. RIPE NCC, the European registry for Internet addresses, has conducted an analysis of what happened during Pakistan Telecom's hijacking of YouTube's traffic and the steps that YouTube took to stop the attack. We posed some questions to RIPE NCC's Chief Scientist Daniel Karrenberg about the YouTube incident. Here's what he had to say:
How frequently do hijacking incidents like the Pakistan Telecom/YouTube incident happen? Misconfigurations of iBGP (internal BGP, the protocol used between the routers in the same Autonomous System) happen regularly and are usually the result of an error. One such misconfiguration caused the Pakistan Telecom/YouTube incident. It appears that the Pakistan Telecom/YouTube incident was not an "attack" as some have labeled it, but a configuration error. (See Columnist Johna Till Johnson's take on the topic.) What is significant about the YouTube incident?
3
Configuring Networks is Error-Prone
Sign In | Register
YouTube/Pakistan incident: Could something similar whack your site?
Configuring BGP properly is key to avoidance, 'Net registry official says
By Carolyn Duffy Marsan
Network World | Mar 10, 2008 1:00 AM PT
In light of Pakistan Telecom/YouTube incident, Internet registry official explains how you can avoid having your web site victimized by such an attack. When Pakistan Telecom blocked YouTube's traffic one Sunday evening in February, the ISP created an international incident that wreaked havoc on the popular video site for more than two hours. RIPE NCC, the European registry for Internet addresses, has conducted an analysis of what happened during Pakistan Telecom's hijacking of YouTube's traffic and the steps that YouTube took to stop the attack. We posed some questions to RIPE NCC's Chief Scientist Daniel Karrenberg about the YouTube incident. Here's what he had to say:
How frequently do hijacking incidents like the Pakistan Telecom/YouTube incident happen? Misconfigurations of iBGP (internal BGP, the protocol used between the routers in the same Autonomous System) happen regularly and are usually the result of an error. One such misconfiguration caused the Pakistan Telecom/YouTube incident. It appears that the Pakistan Telecom/YouTube incident was not an "attack" as some have labeled it, but a configuration error. (See Columnist Johna Till Johnson's take on the topic.) What is significant about the YouTube incident?
4
Configuring Networks is Error-Prone
2/5/2016
Log in Sign up
China routing snafu briefly mangles interweb ? The Register
Cash'n'Carrion Whitepapers The Channel The Next Platform
,
Sign In | Register
YouTube/Pakistan incident: Could something similar whack
your site?
DATA CENTER SOFTWARE NETWORKS SECURITY INFRASTRUCTURE DEVOPS BUSINESS HARDWARE SCIENCE BOOTNOTES FORUMS
Networks Broadband
Configuring BGP properly is key to avoidance, 'Net registCrhyinoaffriocuiatilng snafu briefly mangles interweb
says
Cockup, not conspiracy
More like this
China Network Security
By Carolyn Duffy Marsan
Network World | Mar 10, 2008 1:00 AM PT
9 Apr 2010 at 12:24, John Leyden
5
0
Bad routing information sourced from China has disrupted the internet for the second time in a fortnight.
Global BGP (Border Gateway Routing) lookup tables sucked in data from a small ISP called IDC China Telecommunication, apparently accidentally broadcast by stateowned carrier China Telecommunications, IDG reports. ISPs including AT&T, France Telcom, Level3, Deutsche Telekom, Qwest and Telefonica accepted illthought out traffic routes as a result of the incident.
About the FT
Viewing
BGP is a core routing protocol which maps options for the best available routes for traffic to flow across
the net. Several routing options are normally included. The China BGP incident is the internet routing
In light of Pakistan Telecom/YouTube incident, Internet registry official explains how youeqcuiavanlenat vofoTiodmThoamvpiunbglishing routes via Shanghai for motorists looking for alternative routes
your web site victimized by such an attack.
between London and Paris.
IDC China Telecommunication published illconceived routes for between 32,000 and 37,000 networks
When
Pakistan
Telecom
blocked
YouTube's
traffic
one
Sunday
evening
in
February,
the ISP created an about 10 per cent of the net instead of the normal 40 or so routes, and this information was taken as viable routing options by many service providers for about 20 minutes early on Thursday morning (US
international incident that wreaked havoc on the popular video site for more than twotimhe)oaufterrsC.hina Telecommunications republished it and before the mixup was resolved. Routers in Asia would have been more likely to adopt the false routes as potentially viable, but effects of the
incident were recorded all over the world.
RIPE NCC, the European registry for Internet addresses, has conducted an analysis of what happened , a BGP monitoring service, has a detailed technical writeup of the snafu, which it
during Pakistan Telecom's hijacking of YouTube's traffic and the steps that YouTube tdoesockribetdoasstaopprefitxhheijack, here.
attack.
Although it seems they [IDC China Telecommunication] have leaked a whole table, only
about 10 per cent of these prefixes propagated outside of the Chinese network. These
We posed some questions to RIPE NCC's Chief Scientist Daniel Karrenberg about the YoinucTluudebpereifnixecsidfoer npotp.ular websites such as , , amazon.de,
and geocities.jp.
Here's what he had to say:
A large number of networks impacted this morning were actually Chinese networks. These
include some popular Chinese website such as , .cn ,
, and
How frequently do hijacking incidents like the Pakistan Telecom/YouTube incideAnctochkauppips seunsp?ected, rather than a conspiracy, at least by .
0:15
The surest investment you'll make this year
The FT's comprehensive coverage of global business provides the insight and analysis you need to stay one step ahead in 2016 and beyond.
The surest investment you'll make this year. Subscribe & save 33%
Most read
Given the large number of prefixes and short interval I don't believe this is an intentional
Misconfigurations of iBGP (internal BGP, the protocol used between the routers in the shaijamcke. Most likely it's because of configuration issue, i.e. fat fingers. But again, this is just
Autonomous System) happen regularly and are usually the result of an error. One suchspeculation.
misconfiguration caused the Pakistan Telecom/YouTube incident. It appears that theTPheapkraisctticaalnconsequences of the screwup are still being assessed but it could have resulted in dropped connections or, worse, traffic routed through unknown systems in China. The mess provides
Telecom/YouTube incident was not an "attack" as some have labeled it, but a configuornaetoifothne celerarreosrt .illu(sStreateions of the security shortcomings of BGP, a somewhat obscure but
Columnist Johna Till Johnson's take on the topic.)
nonetheless important network protocol.
What is significant about the YouTube incident?
The China BGP global routing represents a rare but not unprecedented mixup in global internet traffic management. For example, just two weeks ago bad routing data resulted in the redirection of Chilean internet traffic through a DNS (Domain Name System) server in China, as explained in a detailed post mortem by internet monitoring firm Renesys here. Bad BGP routing information from Pakistan caused
German Chancellor fires hydrogen plasma with the push of a button
Who would code a self destruct feature into their own web browser? Oh, hello, Apple
Who wants a quadcore 4.2GHz, 64GB, 5TB SSD
RAID 10 ... laptop?
1/4
5
Configuring Networks is Error-Prone
2/5/2016
2/5/2016 China routing snafu briefly mangles interweb ? The Register
Internet-Wide Catastrophe--Last Year - Dyn Research | The New Home Of Renesys
Log in Sign up
??
Cash'n'Carrion Whitepapers The Channel The Next Platform
Search
,
Sign In | Register
YouTube/Pakistan incident: Could something similar whack
your site?
DATA CENTER SOFTWARE NETWORKS SECURITY INFRASTRUCTURE DEVOPS BUSINESS HARDWARE SCIENCE BOOTNOTES FORUMS
Networks Broadband
Configuring BGP properly is key to avoidance, 'Net registCrhyinoaffriocuiatilng snafu briefly mangles interweb
says
Cockup, not conspiracy
More like this
China Network Security
By Carolyn Duffy Marsan
Network World | Mar 10, 2008 1:00 AM PT
9 Apr 2010 at 12:24, John Leyden
5
0
HOME
Bad routing information sourced from China has disrupted the internet for the second time in a fortnight.
Global BGP (Border Gateway Routing) lookup tables sucked in data from a small ISP called IDC China Telecommunication, apparently accidentally broadcast by stateowned carrier China Telecommunications, IDG reports. ISPs including AT&T, France Telcom, Level3, Deutsche Telekom, Qwest and Telefonica accepted illthought out traffic routes as a result of the incident.
TOPIACSbout the FTPRESENTATIONS
Viewing
ABOUT
BGP is a core routing protocol which maps options for the best available routes for traffic to flow across the net. Several routing options are normally included. The China BGP incid2entDisECthEeMinBtEerRne2t4ro, u2t0in0g5
In light of Pakistan Telecom/YouTube incident, Internet registry official explains how youeqcuiavanlenat vofoTiodmThoamvpiunbglishing routes via Shanghai for motorists looking for alternative routes
? COMMENTS (0)
your web site victimized by such an attack.
between London and Paris.
1 ENGINEERING
TODD UNDERWOOD
- VIEWS: 3038
0:15
IDC China Telecommunication published illconceived routes for between 32,000 and 37,000 networks
The surest investment
Internet-Wide When
Pakistan
Telecom
blocked
YouTube's
traffic
one
Sunday
evening
in
February,
the ISP created an about 10 per cent of the net instead of the normal 40 or so routes, and this information was taken as viable routing options by many service providers for about 20 minutes early on Thursday morning (US
international incident that wreaked havoc on the popular video site for more than twotimhe)oaufterrsC.hina Telecommunications republished it and before the mixup was resolved. Routers in Asia would have been more likely to adopt the false routes as potentially viable, but effects of the
you'll make this year
The FT's comprehensive coverage of global business provides the insight and analysis you need to stay one
Catastrophe--Last Year incident were recorded all over the world.
RIPE NCC, the European registry for Internet addresses, has conducted an analysis of what happened , a BGP monitoring service, has a detailed technical writeup of the snafu, which it
during Pakistan Telecom's hijacking of YouTube's traffic and the steps that YouTube tdoesockribetdoasstaopprefitxhheijack, here.
step ahead in 2016 and beyond.
attack.
Although it seems they [IDC China Telecommunication] have leaked a whole table, only
about 10 per cent of these prefixes propagated outside of the Chinese network. These
We posed some questions to RIPE NCC's Chief Scientist Daniel Karrenberg about the YoinucTluudebpereifnixecsidfoer npotp.ular websites such as , , amazon.de,
and geocities.jp.
Here's what he had to say:
A large number of networks impacted this morning were actually Chinese networks. These
The surest investment you'll make this year.
Subscribe & save 33%
include some popular Chinese website such as , .cn ,
, and
One year ago today TTNet in Turkey (AS9121) pretended to be the entire
How frequently do hijacking incidents like the Pakistan Telecom/YouTube incideAnctochkauppips seunsp?ected, rather than a conspiracy, at least by BGPmon.nIent.ternet. And unfortunateMlyosfotrrethaed rest of the Internet, many large
Given the large number of prefixes and short interval I don't belienveettwhisoirskanpirnotevnitdioenarls believed them (orGaertmleanasCthbanecleiellvorefdiretshem in part). As
Misconfigurations of iBGP (internal BGP, the protocol used between the routers in the shaijamcke. Most likely it's because of configuration issue, i.e. fat fingfearsr. aBsut aagnayino, tnheis iksnjuoswt s, it was a mistahkyed,rongoetn aplamsmalaicwioithutsheact. But the
Autonomous System) happen regularly and are usually the result of an error. One suchspeculation.
push of a button
consequences were far from benign: for several hours a large number of
misconfiguration caused the Pakistan Telecom/YouTube incident. It appears that theTPheapkraisctticaalnconsequences of the screwup are still being assessed but it could have resulted in dropped connections or, worse, traffic routed through unknown systemsInintC?ehPrinnraee.vTtiohuessmeSetrsossrypwroveidrees
Telecom/YouTube incident was not an "attack" as some have labeled it, but a configuornaetoifothne celerarreosrt .illu(sStreateions of the security shortcomings of BGP, a somewhat obscure but
unable
to
Who would code a self
reachdaesltarurgctefenautumrebinetor tohfeiIrnternet
sites.
Columnist Johna Till Johnson's take on the topic.)
nonetheless important network protocol.
Twelve months later we can take a loowonkwaetb wbrhowastehr?apOph,ened, and whether
hello, Apple
The China BGP global routing represents a rare but not unprecedentedwmiex'uvpeinlgeloabranl ientdernmet utracffhic in the intervening time.
What is significant about the YouTube incident?
management. For example, just two weeks ago bad routing data resulted in the redirection of Chilean
Who wants a quadcore
internet mortem
traffic through a DNS (Domain Name System) by internet monitoring firm Renesys here. Bad
sBeGrvPerroinutCinhgininaf,oaErmsaearxtilpoylnaifCnroehmd riPnisaaktidmsetataanislceadEupsvoesedt
morning
2004, 4T.2TGNHezt,
6(A4GSB9,152T1B) SsStaDrted
announcing
RAID 10 ... laptop?
1/4
OUTAGES
DYN CONTENT
HUB
Popular Authors Archives
The New Threat: Targeted Internet Traffic Misdirection
NOVEMBER 19, 2013
Egypt Leaves the Internet
JANUARY 27, 2011
Internet Touches Next StoHrya?lf Million Routes: Outages Possible Next Week
AUGUST 13, 2014
1/5
6
Fundamental Tradeoff?
Configuration
Distributed
Centralized
Distributed Control Mechanism
Centralized
7
Fundamental Tradeoff?
Configuration
Distributed
Centralized
Distributed
Control Mechanism
OSPF RIP BGP
Scalability Robustness Complexity
Centralized
8
................
................
In order to avoid copyright disputes, this page is only a partial summary.
To fulfill the demand for quickly locating and searching documents.
It is intelligent file search solution for home and business.
Related download
- united states of america federal trade commission
- teen news engagement key findings and toplines
- ough a medium spirit of jfk tells what really happened
- how to represent yourself at an unemployment benefits
- kelly m klaus sbn 161091 public version
- brown s gas for health science spirit
- michael brown jonathan cahn
- self validation skills for use in dbt group skills training
- don t mind the gap
- how youtube was hijacked
Related searches
- why don t adults ask questions
- why don t guys like me quiz
- why people don t go to college
- i don t have a life
- why men don t like me
- why students don t attend college
- why don t i have a boyfriend quiz
- dealerships that don t need credit
- what if you don t have baking soda
- don t know synonyms
- don t and doesn t usage
- do does don t doesn t exercises